Login returns indefinitely HttpSession returned null object for SPRING_SECURITY_CONTEXT  #4204

@Ramanji025

15:09:33,068 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] (http--0.0.0.0-8080-10) Returning cached instance of singleton bean 'transactionManager'
15:09:33,068 DEBUG [org.springframework.orm.jpa.JpaTransactionManager] (http--0.0.0.0-8080-10) Creating new transaction with name [com.ust.wmi.lakshya.service.dao.OrderDAO.getOrderByLoginId]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; ''
15:09:33,068 DEBUG [org.springframework.orm.jpa.JpaTransactionManager] (http--0.0.0.0-8080-10) Opened new EntityManager [org.hibernate.ejb.EntityManagerImpl@680daeb0] for JPA transaction
15:09:33,068 DEBUG [org.springframework.orm.jpa.JpaTransactionManager] (http--0.0.0.0-8080-10) Exposing JPA transaction as JDBC transaction [org.springframework.orm.jpa.vendor.HibernateJpaDialect$HibernateConnectionHandle@42dfd3c5]
15:09:33,427 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/'; against '/js/'
15:09:33,427 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/'; against '/img/'
15:09:33,427 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/'; against '/css/'
15:09:33,427 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/'; against '/fonts/'
15:09:33,427 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/'; against '/less/'
15:09:33,427 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/'; against '/docs/'
15:09:33,427 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/'; against '/dashboard-assets/'
15:09:33,427 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 1 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
15:09:33,427 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-8) No HttpSession currently exists
15:09:33,427 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-8) No SecurityContext was available from the HttpSession: null. A new one will be created.
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 2 of 15 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 3 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 6 of 15 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 7 of 15 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 8 of 15 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 9 of 15 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 10 of 15 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
15:09:33,443 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 11 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
15:09:33,443 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (http--0.0.0.0-8080-8) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 106.219.63.98; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
15:09:33,458 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /?t=0.234172108117491 at position 12 of 15 in additional filter chain; firing Filter: 'SessionManagementFilter'
15:09:33,458 DEBUG [org.springframework.security.web.session.SessionManagementFilter] (http--0.0.0.0-8080-8) Requested session ID zgOCshH3xP8LpHdbmUl30Yhz.wm2-lakshya2 is invalid.
15:09:33,458 DEBUG [org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy] (http--0.0.0.0-8080-8) Starting new session (if required) and redirecting to '/logoutSession'
15:09:33,458 DEBUG [org.springframework.security.web.session.HttpSessionEventPublisher] (http--0.0.0.0-8080-8) Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@3c370fd5]
15:09:33,458 DEBUG [org.springframework.security.web.DefaultRedirectStrategy] (http--0.0.0.0-8080-8) Redirecting to '/oms-web/logoutSession'
15:09:33,458 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-8) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
15:09:33,458 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] (http--0.0.0.0-8080-8) SecurityContextHolder now cleared, as request processing completed
15:09:33,600 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/logoutsession'; against '/js/'
15:09:33,600 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/logoutsession'; against '/img/'
15:09:33,600 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/logoutsession'; against '/css/'
15:09:33,600 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/logoutsession'; against '/fonts/'
15:09:33,600 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/logoutsession'; against '/less/'
15:09:33,600 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/logoutsession'; against '/docs/'
15:09:33,600 DEBUG [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (http--0.0.0.0-8080-8) Checking match of request : '/logoutsession'; against '/dashboard-assets/'
15:09:33,600 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /logoutSession at position 1 of 15 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
15:09:33,600 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-8) HttpSession returned null object for SPRING_SECURITY_CONTEXT
15:09:33,600 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-8) No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@3c370fd5. A new one will be created.
15:09:33,600 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /logoutSession at position 2 of 15 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
15:09:33,600 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /logoutSession at position 3 of 15 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
15:09:33,615 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /logoutSession at position 4 of 15 in additional filter chain; firing Filter: 'CsrfFilter'
15:09:33,615 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8) /logoutSession at position 5 of 15 in additional filter chain; firing Filter: 'LogoutFilter'
15:09:33,615 DEBUG [org.springframework.security.web.FilterChainProxy] (http--0.0.0.0-8080-8)

Here I am using Spring Security version 3.2.0.Release and Spring version 4.0.0.Release.

Immediately after logging in, or after a gap of a few seconds, it gets logged off. After debugging I saw the above log.
I am not able to understand why my session is getting a null Spring_Security_Context.

Here is the piece of code where I am validating the session:

```java
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    // LOGGER.info(session.getAttribute("loginId")+"========"+url+"=============");
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    // Both directives go in one value: a second setHeader("Cache-Control", ...)
    // call replaces the first instead of adding to it.
    response.setHeader("Cache-Control", "no-cache, no-store");
    response.setDateHeader("Expires", 0); // Causes the proxy cache to see the page as "stale"
    response.setHeader("Pragma", "no-cache"); // HTTP 1.0 backward compatibility
    response.setHeader("X-Frame-Options", "deny"); // Clickjacking protection
    // response.setHeader("Content-Security-Policy", "default-src 'self'"); // cross-site scripting disable
    // response.setHeader("Set-Cookie", "JSESSIONID=" + request.getSession().getId() + "; secure");
    String url = request.getServletPath();
    HttpSession session = request.getSession(false); // false: never create a session here
    if (null == session) {
        // response.sendRedirect("/index");
        LOGGER.info("-------------------------------");
        LOGGER.info("Empty Session");
        LOGGER.info("-------------------------------");
    } else if (url.equals("/")) {
        response.sendRedirect(request.getContextPath() + "/welcome");
        return; // the redirect commits the response, so the chain must not continue
    }
    chain.doFilter(req, res);
}
```

And the relevant piece of my Spring Security config file:

```xml
<security:form-login login-page="/index" default-target-url="/welcome"
                     authentication-failure-url="/loginError?error"
                     always-use-default-target="true"/>
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/nourlhere" delete-cookies="JSESSIONID"/>

<security:session-management invalid-session-url="/logoutSession">
    <security:concurrency-control expired-url="/logoutSession" max-sessions="1" error-if-maximum-exceeded="false"/>
</security:session-management>

<security:access-denied-handler error-page="/welcome"/>
<security:custom-filter ref="sessionValidtion" after="LAST"/>
<security:remember-me use-secure-cookie="true" user-service-ref="userDetailsService"/>

<bean id="sessionValidtion" class="com.wmi.lakshya.web.resource.SessionValidation"></bean>
```

I have not included all of the configuration, but the major pieces are listed here.

Please help me understand how it is making my session object null.
@rwinch
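
A triage aid for DEBUG output like the log above, added here as an example and not part of the original issue or of Spring Security: it extracts the session events and pairs each rejected session ID with the invalid-session redirect and the next SecurityContext load on the same thread. The sample log is constructed, and the function names and the same-thread correlation are assumptions of this example.

```python
import re

# Constructed sample in the shape of the DEBUG lines above; the session ID is a placeholder.
SAMPLE_LOG = """\
15:09:33,427 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-8) No HttpSession currently exists
15:09:33,458 DEBUG [org.springframework.security.web.session.SessionManagementFilter] (http--0.0.0.0-8080-8) Requested session ID EXAMPLE-SESSION-ID.node1 is invalid.
15:09:33,458 DEBUG [org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy] (http--0.0.0.0-8080-8) Starting new session (if required) and redirecting to '/logoutSession'
15:09:33,600 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-8) HttpSession returned null object for SPRING_SECURITY_CONTEXT
15:09:34,100 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (http--0.0.0.0-8080-3) No HttpSession currently exists
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d,\d{3}) \w+\s+\[[\w.$]+\.(\w+)\] \(([^)]*)\) (.*)$")
EVENTS = [  # (event kind, logger simple class name, message pattern)
    ("no_session", "HttpSessionSecurityContextRepository", re.compile(r"No HttpSession currently exists")),
    ("invalid_session_id", "SessionManagementFilter", re.compile(r"Requested session ID (\S+) is invalid")),
    ("invalid_session_redirect", "SimpleRedirectInvalidSessionStrategy", re.compile(r"redirecting to '([^']+)'")),
    ("empty_context", "HttpSessionSecurityContextRepository", re.compile(r"null object for SPRING_SECURITY_CONTEXT")),
]

def parse_events(text):
    """Return (time, thread, kind, detail) for every recognised session event."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or truncated lines are skipped, not guessed at
        time, logger, thread, msg = m.groups()
        for kind, owner, pattern in EVENTS:
            hit = pattern.search(msg) if logger == owner else None
            if hit:
                events.append((time, thread, kind, hit.group(1) if hit.groups() else ""))
    return events

def invalid_session_redirects(events):
    """Pair each rejected session ID with its redirect and the next context load (same-thread heuristic)."""
    findings, pending = [], {}
    for time, thread, kind, detail in events:
        if kind == "invalid_session_id":
            pending[thread] = {"time": time, "thread": thread, "session_id": detail,
                               "redirect": None, "context_after": None}
        elif thread in pending:
            f = pending[thread]
            if kind == "invalid_session_redirect":
                f["redirect"] = detail
            elif f["redirect"]:  # first context load seen after the redirect
                f["context_after"] = kind
                findings.append(pending.pop(thread))
    findings.extend(pending.values())  # rejections with no follow-up seen in the log
    return findings
```

A finding whose `context_after` is `empty_context` means the request that followed the redirect arrived with a fresh, unauthenticated session, which is the pattern the log in this issue shows.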